Did I say sold? I meant, is selling. They haven’t stopped, despite the Cambridge Analytica scandal.
When Facebook shut one leaking door, it left another open. And Mark Zuckerberg may have lied to Congress about it.
The Cambridge Analytica scandal, AKA ‘the one we know about’
If you don’t remember, it came to light last March that Facebook had allowed a ‘consultancy’ company called Cambridge Analytica to extract the personal data of over 87 million people from Facebook – without their knowledge or consent – and use this to build a weaponized disinformation service that it then sold to the highest bidder.
It was hard for Facebook to defend its business model in the face of the criticism it received for its role in the Cambridge Analytica scandal, and CEO Mark Zuckerberg went to Washington to appear open and contrite before Congress with his MyBad 2000® chip fully engaged.
The cool-geek image that Zuck has worked so hard to project didn’t seem to be holding up under the glare of the United States Congress, even though they often struggled to ask cogent questions and betrayed a dismaying lack of understanding about basic tech issues like the difference between WhatsApp and email.
But at least we all thought we knew where we were in the game. Zuck had been caught out, he was being investigated for the thing we knew about and the rules were about to change. A million ‘where now for Facebook?’ thinkpieces later, it turns out we were all wrong.
I even wrote a piece about it myself, saying the problem wasn’t really Facebook, and when you think about it, aren’t we all kind of guilty?
So, about that.
Facebook is definitely the problem
Turns out, Cambridge Analytica might have been the tip of an iceberg – and not a vague, amorphous one of ‘it’s the whole internet,’ or ‘no-one’s data is really safe.’ No, this is a big, Titanic-sinking, Penguin-colony-supporting, Greenpeace-enraging iceberg made up of other people Zuck’s been selling your data to.
Facebook shares deep user data with device makers who use its app on their devices.
What do we mean by deep device data?
Well, deep device data means things like behavioral data about when people used the Facebook app, what they used it for and what else they did online while it was installed.
These companies can access relationship status, religious opinions, political views – and upcoming events.
And the nature of Facebook’s arrangements with these companies means that if you have one of these devices, the Facebook data of your friends is up for grabs too.
And how many device manufacturers are affected?
Over sixty. Including Microsoft, Apple, Samsung, Amazon, Blackberry and many more. At this rate, General Motors is probably on the list.
Third party risks
In addition to the obvious creepiness of letting Facebook’s buddies scroll through your newsfeed and pick their way through your address book, there’s a major third party issue here too. If apps on the device can access device data, and your Facebook account is treated as device data, then a malicious app can easily steal huge tranches of data – even about people who were too savvy to download it, if you happen to be friends on Facebook.
‘You might think that Facebook or the device manufacturer is trustworthy,’ suggests UCLA privacy researcher Serge Egelman, though personally I don’t recommend it. ‘But the problem,’ Egelan goes on to say, ‘is that as more and more data is collected on the device – and if it can be accessed by apps on the device – it creates serious privacy and security risks.’
How long has Facebook known about this?
Sandy Parakilas, one-time head of Facebook’s third-party ads and privacy compliance divisions, says this device partnership issue was flagged as a burning privacy question in 2012, the year he left the company.
That’s more than can be said for Facebook; they kept up these partnerships until this year, although they’d known for over half a decade that they were a serious privacy risk. They are ‘winding them up,’ now, apparently. The process began in April – a year and a month after the Cambridge Analytica scandal broke.
Did Zuck lie to Congress?
In April of this year, Mark Zuckerberg went to Washington to talk about the Cambridge Analytica scandal. In response to a question from Utah Republican Senator Orrin Hatch, Zuckerberg said: ‘Every piece of content that you share on Facebook, you own, and you have complete control over who sees it and – and how you share it, and you can remove it at any time.’
Thing is, now it looks like that might not be true. And there’s a name for being economical with the truth to Congress.
That name is US Code Title 18, Section 1001: Source
Anyone who lies to any branch of the Federal government can face up to five years in jail for it.
And in the words of Representative David Cicilline of Rhode Island, it ‘sure looks like [Facebook Chief Executive Mark] Zuckerberg lied to Congress about whether users have “complete control” over who sees our data on Facebook. This needs to be investigated and the people responsible need to be held accountable.’
Don’t hold your breath, but lawmakers are pretty pissed off on this one. That doesn’t mean they’re on your side, as such – for every one who wants to protect your right to privacy, there’s ten who want to protect their monopoly on the right to spy on you, if only they could figure out how to use this darn thing…
The message?
The paranoids were right and they always have been. I’ve made jokes before about how a realistic appraisal of the way the digital economy operates makes you sound more or less exactly like a guy with a tinfoil hat who wants to tell you how the government reads his mind, but that’s not the kind of paranoid I’m talking about.
Instead I mean people who’ve been warning for decades that one of the things we’re surrendering, in return for the opportunity to Like, Favorite and pretend to be farmers (don’t get me started; it’s as attractive as Serf Simulator), we’re giving up really vital aspects of our security that will be hard or impossible to claw back.
Where do you start?
There are things to do to claw back your digital life from spyware companies like Facebook. But the place to start is by protecting your connection to the internet itself: you need to get a VPN!
"A speedy VPN that's very easy to use and covers basic privacy needs well enough"
- Excellent available variety of servers
- Servers are fast and secure
- Offers six connections
- Safe Wi-Fi Protection
- Loads Websites 3 To 5 Times Faster
- No Logging
- 256-bit AES Encryption
- Blazing Fast Connection Speed
- No Logs